2010 March | Windows, security, etc.

March 17th, 2010

Today, Core Security Technologies issued Security Advisory regarding Virtual PC Hypervisor Memory Protection Vulnerability.
Vulnerable systems are:

Microsoft Virtual PC 2007,
Microsoft Virtual PC 2007 SP1,
Windows Virtual PC,
Windows Server 2005 and
Windows Server 2005 R2 SP1

Microsoft Hyper-V is NOT vulnerable.

Vulnerability is explained in this document. If you don’t want to read the whole article (I advise you to read it) here are some important parts of it:

It’s only locally exploitable (remotely only if some other vulnerability exists that is remotely exploitable)
There is no CVE at the moment
It was discovered 7 months ago. Core Security worked with Microsoft to identify impact this may have before announcing it.
It’s using memory above 2GB (memory reserved for system)
It’s possible to bypass DEP (Data Execution Prevention), SafeSEH (Safe structured error handling) and ASLR (Address Space Layout Randomization)
There is a PoC (proofe of concept) code available
The vulnerable part of Virtual PC hypervisor is VMM (Virtual Machine Manager)

M	T	W	T	F	S	S
« Feb				Apr »
1	2	3	4	5	6	7
8	9	10	11	12	13	14
15	16	17	18	19	20	21
22	23	24	25	26	27	28
29	30	31

Windows, security, etc.

Security is like a chain

Categories

Feeds

Virtual PC vulnerability

Microsoft Security Response Center

Microsoft Malware Protection Center

WebSense Security Labs Alerts

ECCouncil Hacker Journals

Tags

Microsoft Security Advisories

Latest Exploits

Colleagues

Portals

Archives

Recent Articles